6th May 2024

Consumer perceptions of fraud, authentication and security 

By Grant White

When designing solutions for customer authentication and fraud prevention we must remember to take into account the consumer’s point of view. 

The following is based on excerpts from a report produced in partnership with the Contact Centre Management Association (CCMA)

It might sound obvious but when designing a new solution to solve an issue, it is important to consult the people who will be using it – not least because their insight might surprise you. This is what the CCMA found with their research into consumer perceptions of fraud, authentication and security.

The study found that while it is challenging to persuade consumers to accept friction, there is evidence that an increasingly large majority of people do understand that responsibility for protection lies with both the provider and the consumer. Indeed, the report showed that 70% of consumers believe that preventing unauthorised account access is the shared responsibility of both the individual and the provider, up from 64% in 2022.

In terms of which organisations are perceived to be the best in terms of raising awareness of fraud, banks are thought to be leading the way. This is no doubt driven by the high frequency of banking transactions which offer regular opportunities to communicate.

For some industries, though, consumer awareness is not always a good thing; it can bring unintended and undesirable consequences. For example, communicating awareness of different types of fraud and ways to prevent them can notify fraudsters that a change of approach may be needed.

Craig McKeever, Fraud Analyst at Optimus Cards UK explains in the report: “ Once the fraudster knows that we’re aware of something they will just move on. And we fall back behind. It’s like tipping them off. They can cycle back five years and start doing the same things they were doing then, because everybody’s forgotten.”  

In addition to taking a lead on communication, banks are also rated most favourably in terms of authentication experience. However it’s not clear the extent to which banks’ strong ratings are due to the familiarity consumers have developed with banking log-in journey, rather than superior authentication experiences. 

The influence of familiarity, for example, indicates that One-Time Passwords (OTPs) are most highly rated among various telephone authentication methods when it comes to perceived convenience. Objectively, OTPs bring more friction to the customer journey compared with automatic voice or number recognition. Yet the latter methods receive substantially lower ratings for convenience while OTP receive the highest scores. This suggests that perceived friction diminishes as customers acclimatise. 

Contact centres, however, are moving away from OTPs as first-party fraud and social engineering proliferate. Despite OTPs having now achieved widespread consumer acceptance, they are becoming less and less effective. Fraudsters are adept at obtaining OTPs via social engineering, while OTPs offer no defence against first-party fraud. Like OTPs, biometrics are also ineffective at preventing first-party fraud. “ The OTP has become almost redundant. It’s so easy to manipulate the system to get it.” – McKeever explains.

Security and authentication perceptions by sector are closely linked 

When questioned about the security of their accounts across various provider types, consumer perceptions of security closely mirror their assessments of the authentication experience, with banks once again receiving high scores. Notably, retailers garner more positive ratings for their authentication experience than for security, creating a distinctive pattern. Conversely, council and government bodies receive higher ratings for security than for the authentication experience.

Predictably, individuals who have encountered a fraud attempt tend to be more discerning and critical about the security measures implemented by their service providers.

“ People’s mindset changes if they have the event. You start to ask for more friction in your processes because you want to be safeguarded,” says Jon Bowen, Director of Operations at Paymentshield & Lloyd Latchford.

What’s the answer? The role of analytics and AI 

Advanced analytics and artificial intelligence (AI) are increasingly important on both fronts, enhancing security measures and minimising friction in the process. Emerging technology plays a crucial role in strengthening security by significantly improving the accuracy and speed of fraud detection, adeptly identifying and flagging anomalies.

Machine learning proves invaluable in swiftly updating business rules to align with rapidly changing customer or fraudster behavioural patterns, surpassing the speed at which humans can adapt. Additionally, the capability to generate personalised risk profiles and apply customised business rules at an individual level serves to not only enhance organisational protection but also ensure that customers undergo an authentication experience tailored to their needs. This approach allows for the tightening of security measures when necessary while simplifying authentication for those with favourable risk profiles.

Fraud is evolving fast – so consumer attitudes towards security must evolve too. But the technology is there to help ensure solutions are as streamlined and targeted as possible – so it’s on the consumer-facing companies to make the most of that. To find out more, read the report.